New this year:

Cooler prizes.

Larger supply of of t-shirts and mugs for the populace.

Expanded judging categories.

Donations of coffee from Innkeeper's Coffee.

Free scalding w/ boiling water for any who bring Folgers or Starbucks.

Better organization (we've had a year to figure out how to do this right, this time.)

Rob Nielsen actually showing up and not dishing the entire event to Jay Dyson.

Our wandering reporters will be getting up to the minute reports from people @ the con and updates will be broadcast through the station randomly throughout the day.  Get your scheduling information with D-Update, every hour during scheduled activities.  A few of the lectures will also be available throughout the con through separate streams on the station.

Assistance needed: For those who have recon capabilities in the area, we need to know what FM broadcasters there are in the area, and preferably like to find a solid frequency that is not currently in use...

Information can be found prior to defcon @ Hacho.  Sponsored by DMZ Services, Inc.

Once you get in there will be a bar (for those of you over 21), DJ action, a his / her best dressed contest and some other stuff we haven't thought of yet.

So what is acceptable to wear?  In the past there have been formal wear, fetish wear, bondage clothing, a prom dress, old zoot suits, and a full "cyber" punk on roller blades with a head mount display.  Anything you want to show off or feel good wearing, basically.

OK people, this is what you've been waiting for. this page is (of course) still under construction and may change at
any time up until the moment I leave for vegas for defcon this year. Don't worry, I'm flying, so you have about 1.5 hours notice :)

For the first time ever, we now finally have a DC-Shoot mailing list! use it to make defcon shoot plans, talk about guns, 2A, gun advocacy, hunting, BBQ recipes, load data, etc... Just send mail to majordomo@23.org with the words subscribe dcshoot in the message body.

For complete information see the official and up to date DC-Shoot website.

Some major changes to the event this year. Due to the fact that Defcon is growing so large we now have to use the DJ room for speakers during the day. As of right now the DJ room will be providing entertainment from 6pm - 6am Friday and Saturday nights only. We had hoped to start Friday evening and go straight through till Sunday, but we need the space for speakers. This is going to limit the number of acts performing this year, but it should be a good party any ways. 

Big change number two is the format. Traditionally we have had  Industrial/Goth/EBM music on Friday night. This year we are looking to  fill the Friday slot with more live acts during the evening and some good  chillout DJs for the late night. The reason for this is simply, the Industrial/Goth/EBM music really doesn't bring anyone into the room. No point in having a party if no one shows up.

Go to the Official DEF CON DJ site maintained by twentythree.org to get the band lineup.

Corporations are ethical, right? … and let’s not forget Government, too!

Ethics is that gray area between Legal and Illegal…and maybe your personal or corporate ethics are different that his or hers, or of someone from a different country or culture. Yet, we all need to live in the same “Space”. And that’s the whole point of “CyberEthical Surfivor.”  CyberEthical Surfivor is an Interactive Game that pits 18 brave souls on two teams against each other. The object of the Game is to be…duh… the last one standing: A true Surfivor. How you get there is half the fun, but Da Judge (Jennifer Granick) and Da Time Keeper and the D’Audience will be heavily involved in who become the Surfivor! Think:

Originality, Creativity, Positivity and Sticking to Time

Evolve and Develop a Consistent CyberEthical Profile and Persona That Your Team Mates, Opponents and Audience Will Support Throughout the Game.

Strategy? Compete with your team? Want winners or losers on your side? The other side? What does the audience want?

LOSERS: There will be 17 losers, and they will all win something, just for playing. Nothing stupendous, but hey… you lost!

SIGN UP: Anyone can play. Kids. Spooks, Spies, Hackers, Suits. No age limits (this is a PG/PG-13 Game). 
Submit your name, affiliation and contact information to the webmaster. We will draw names from a stupid hat at the beginning of the Game, Saturday, July 14, 2001.

WHAT THE SURFIVOR WINS:
1. $800 donation of ethics books in your name to the educational institution of your choice.
2. DefCon attendance free for life!
3. DefCon Jacket 
4. Bragging Rights
5. Come back next year to defend your title!

HOST: Winn Schwartau (www.nicekids.netwww.interpactinc.com, www.infowar.com ) Da Judges: Jennifer Granick, Stanford Law, Chris Goggans, Counterpane, Richard Thieme, Social Commentaryist.

Teams: Each team is going to have a color, and should use Ethernet cables of  that color.  ( DT's going to spring for a box of red, white, blue, green, yellow, black and grey. ) Each team will get an SSL client certificate that allows access to the central reporting web site. 

Current teams are:
Orange: Digital Revelation
Green: (don't know the team name)
Black: Team immunex (contact crispin@ wirex.com if you want to be a hacker on this team)

mfvsThe targets: The last three IP addresses of each subnet are the target/victim  IP addresses. (That should be a big hint about what to scan) Each team should have at least one machine capable of running vmWare that  they're willing to leave plugged in. VMware has donated some goodies for CTF, and we'll have a license that everybody can use during Defcon.  (There isn't any computer check in this year. Your team has to take care of your target machines). 

How the game Works: Each team is going to have some lUsers, some Sysadmins & probably a mess of hackers.
 

Sysadmins get these points after the first lUser report. (So there's some proof that the machine worked).Sysadmins can touch the keyboard to change out services or the whole OS an hour after the first lUser report, when the machine is hacked,  or when a judge takes pity on their fumbling with the install disks. In between setting up the OS & getting hacked, sysadmins are expected to go off & get drunk or watch the con.   Go ahead & watch the console, but don't snipe attackers by hand.

lUsers win by reporting on the services that that the sysadmins on other teams have set up. 
lUsers get 2 points for being the first to report on a new service, and 10 points for reporting the highest total. lUsers can re-report on the same service every 3 hours. 

For each service you find on another team's box, make a connection to the recording web server & report (scale of 1-10, 10 is high) how cool the service is, how hard you think it would be to implement (complexity) risk/ease of hacking.
So someone who implemented a complete adventure game using forward and reverse lookups on bind4 might get 10,5,7
Reports from Grey net lUsers don't count but will influence the judges's decisions. 
Hackers win by putting a file on the root partition of any machine not on their team, then reporting on the hack.
Hackers win the total number of points given in the lUser reports for that machine,  plus any points the sysadmin may have bet, plus 20 points for the hack. 

Hackers will rank (scale of 1-10) the ease of the hack, how "risky" the service was, (yes we are setting the lUsers risk evaluation against the hackers) and coolness of the system that they hacked.
So popping an ancient qpopper that turns out to be running on NT  might be 2,10,8

Betting: If a team has a positive number of points, the sysadmins can choose to bet points that their machine or service won't be cracked. They have to find someone on the other teams to take that bet & work out the terms between them. The terms should  be written on paper on the wall. Hacking teams can bet points they don't have, they just go into negative points when theyloose. 

Still with us?

Here's the order: 
Green sysadmin grabs a vmware disk from the bag
Sysadmin fires up the image, tweaks it to run her chosen services/site
Red luser sees & logs the web site, (+2 points for luser)(plus 10 for sysadmin, since the site is shown to work)
Red lUser's rates the site for 7,5,2 (+14 to sysadmin)
Yellow team's luser rates it at 8,5,3 (+16 to sysadmin)
Yellow Hacker on team 3 roots the box ((30+20)= 50 points for hacker)
Yellow Hacker rates host as 8,5,3 (+16 to sysadmin)
So the total is Red =2, Green = 56, Yellow = 50 

Rules: No coercive force, mickey finns or summoning of elder gods. 
No attacking the web server or central routers. 
Lame DOS attacks may cause the judges to disconnect your ethernet link 
Root partitions must have at least 64k writable. 
The judges may make changes to keep things moving.  (think "Wait Wait don't tell me" , not the olympics)

Strategy: If someone else has a cool service that's getting them a lot of points, have the hackers on your team steal it, THEN take them down. Alliances may be profitable. Build cool (and very portable) services in advance. Pleasing the crowd on the grey net may mean you get awarded bonus points.  Getting hacked gives you points & the chance to change out your OS. So it is a valid strategy to put up lots of cool services that get hacked right away. A really cool server that stays up & keeps getting good lUser feedback is equivalent to installing a lot of os's & having them hacked right away. You get points for risky installs, but that costs you time. All of the scoring is tit for tat, not One round prisoners dillema so it makes sense to give people at least average points. Some cool service ideas Don't lock things down so that it can't be hacked, or rely on a back door that nobody will ever scan for. Deception and confusion about where the attacker is or has connected to, but not so much that no one can get past it. (hints are good) Multiple servers interacting Involving spoofing across a switch or router, or client with buffer overflows. Something new with plaintext protocols. (icecast over telnet with a new client) Just plain wrong apps (text mode quake)

How can you help? There will be a mailing address for ctf up on defcon when the contest rules come up.  As usual, you'll need to bring switches, hubs, 10base T gear, etc. We're also going to need a lot of pre made vmware images & strange intel operating systems to put into the drawing bag , so start scrounging for windows 2.0 If anybody is willing to run book on the contest & offer dollars for points, that would be great.

In 1997 is was Team SNI, In 1998 it was the Mad Sweedish Hackers, In 1999 it was The Ghetto Hackers, In 2000 It was The Ghetto Hackers / Subterranean Security Group Combo... Who will it be in 2001?

Yup… DefCon fans just keep on coming and coming… So, for the 7th year in a row… we play Hacker Jeopardy! 
It starts, as usual, at 10PM on Friday night for two games where the teams (of up to three people each) fight it out, duke it out and drink it out with questions to our answers.

You know the Game. Winners win great gifts from Dark Tangent and DefCon. Losers get to drink. All players drink. (>21 Only)
Hacker Jeopardy is rated Heavy-R, NC-17 and one year it was nearly X. You are warned.

WE NEED ANSWERS: Please send your ideas for answers (and questions) in groups of 6-7 in a specific category. Sometimes we get a little technical, but not too technical – that’s what the Unix Drinking Game is for. Send them to winns at gte d0t net and we’ll try to build them into the Game.

WHO CAN PLAY? Most people play pretty lousy… but you can still try. Submit your teams to Dtangent@DefCon.Org and we’ll pick you out of a hat before each Game. One year a secret government group got so drunk, they didn’t answer one question right. That was humiliating. For them.

AUDIENCE PLAYS: Yup! You get to play, too. 
DefCon ends up with tons of presents and gifts that we toss out to audience members who come up with the right questions… we got to get rid of all this stuff…one year we gave away a couple dozen Sun workstations! 
 Plus, you can make fun of the contestants on stage. Be rowdy. A little rowdy, not a lot rowdy. Don’t want anyone arrested again for being TOO rowdy. 

WHEN: Friday, July 13, 2001: 11PM. Rounds One and Two.
Saturday, July 14, 2001: 11PM Round Three, and then the Final Round, where the winners from the first three Games compete.
Last Year’s winners can play in Final Round as Team #4, if they choose.

"Like a paranoid version of pin the tail on the donkey, the favorite sport at this gathering of computer hackers and phone phreaks seems to be hunting down real and imagined telephone security and Federal and local law enforcement authorities who the attendees are certain are tracking their every move.. .. Of course, they may be right."
                                                       - John Markhoff, NYT

Basically the contest goes like this:  If you see some shady MIB (Men in Black) earphone penny loafer sunglass wearing Clint Eastwood to live and die in LA type lurking about, point him out.  Just get my attention and claim out loud you think you have spotted a fed.  The people around at the time will then (I bet) start to discuss the possibility of whether or not a real fed has been spotted.  Once enough people have decided that a fed has been spotted, and the Identified Fed (I.F.) has had a say, and informal vote takes place, and if enough people think it's a true fed, or fed wanna-be, or other nefarious style character, you win a "I spotted the fed!" shirt, and the I.F. gets an "I am the fed!" shirt.

NOTE TO THE FEDS:  This is all in good fun, and if you survive unmolested and undetected, but would still secretly like an "I am the fed!" shirt to wear around the office or when booting in doors, please contact me when no one is looking and I will take your order(s).  Just think of all the looks of awe you'll generate at work wearing this shirt while you file away all the paperwork you'll have to produce over this convention.  I won't turn in any feds who contact me, they have to be spotted by others.

DOUBLE SECRET NOTE TO FEDS:  This year I am printing up extra "I am the Fed!" shirts, and will be trading them for coffee mugs,  shirts or baseball hats from your favorite TLA.  If you want to  swap bring along some goodies and we can trade.  Be stealth about it if you don't want people to spot you.  Agents from foreign governments are welcome to trade too, but I gotta work on my mug collection and this is the fastest way.

Check http://www.atreus.org/ for complete info and to sign up!